Securing the Network in Oracle® Solaris 11.2

Updated: August 2014
 
 

IKEv2 Service

The Service Management Facility (SMF) provides the svc:/network/ipsec/ike:ikev2 service instance to manage IKEv2. By default, this service is disabled. Before enabling this service, you must create a valid IKEv2 configuration in the /etc/inet/ike/ikev2.config file.

The following ike:ikev2 service properties are configurable:

  • config_file property – Specifies the location of the IKEv2 configuration file. The initial value is /etc/inet/ike/ikev2.config. This file has special permissions and must be owned by ikeuser. Do not use a different file.

  • debug_level property – Sets the debugging level of the in.ikev2d daemon. The initial value is op, or operational. For possible values, see the table on debug levels under Object Types in the ikeadm(1M) man page.

  • debug_logfile property – Specifies the location of the log file for debugging IKEv2. The initial value is /var/log/ikev2/in.ikev2d.log.

  • kmf_policy property – Sets the location of the log file for certificate policy. The default value is /etc/inet/ike/kmf-policy.xml. This file has special permissions and must be owned by ikeuser. Do not use a different file.

  • pkcs11_token/pin property – Sets the PIN to use to log in to the keystore when the IKEv2 daemon starts. This value must match the value that you set for the token with the ikev2cert setpin command.

  • pkcs11_token/uri property – Sets the PKCS #11 URI to the keystore. To use the hardware storage on a crypto accelerator card, you must provide this value.
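A pre-enable check for the config_file and kmf_policy properties above, as an added example that is not part of the Oracle documentation: it reads both values with svcprop and confirms that each still points at its default path and is owned by ikeuser. The config/ property-group prefix and the helper names (owner_of, check_file, preflight) are assumptions; confirm the property names with svccfg -s ike:ikev2 listprop.

```sh
#!/bin/sh
# Added example: pre-enable check for the ike:ikev2 file properties.
# Assumption: both properties sit in the "config" property group.
FMRI=svc:/network/ipsec/ike:ikev2
DEF_CONFIG=/etc/inet/ike/ikev2.config    # initial value per the page
DEF_POLICY=/etc/inet/ike/kmf-policy.xml  # default value per the page

# owner_of FILE: print the name of the user that owns FILE.
owner_of() {
    ls -ld -- "$1" 2>/dev/null | awk '{print $3}'
}

# check_file LABEL PATH EXPECTED_PATH EXPECTED_OWNER
# Prints one line per finding; returns the number of problems found.
check_file() {
    label=$1 path=$2 want_path=$3 want_owner=$4 bad=0
    if [ "$path" != "$want_path" ]; then
        echo "FAIL $label: $path is not the expected $want_path"
        bad=$((bad + 1))
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL $label: $path does not exist"
        bad=$((bad + 1))
    elif [ "$(owner_of "$path")" != "$want_owner" ]; then
        echo "FAIL $label: $path is owned by $(owner_of "$path"), not $want_owner"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ] && echo "OK   $label: $path"
    return "$bad"
}

# preflight: read the live property values and check both files.
preflight() {
    problems=0
    cfg=$(svcprop -p config/config_file "$FMRI")
    pol=$(svcprop -p config/kmf_policy "$FMRI")
    check_file config_file "$cfg" "$DEF_CONFIG" ikeuser || problems=$((problems + $?))
    check_file kmf_policy "$pol" "$DEF_POLICY" ikeuser || problems=$((problems + $?))
    echo "service state: $(svcs -H -o state "$FMRI")"
    return "$problems"
}

# Run only where SMF is present (a Solaris host).
if command -v svcprop >/dev/null 2>&1; then
    preflight || echo "Resolve the findings before enabling $FMRI"
fi
```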

For information about SMF, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2. Also see the smf(5), svcadm(1M), and svccfg(1M) man pages.